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CLAIMS 

1. A method, comprising: 

receiving data input through a web page from a client device; 

referencing a declarative module to determine a client input security screen 
to apply to the data input from the client device; and 

applying the client input security screen to the data input from the client 
device. 

2. The method as recited in claim 1, wherein the declaration module 
further comprises a global section that includes at least one client input security 
screen that applies to any type of client input value. 

3. The method as recited in claim 1, wherein the declaration module 
further comprises an individual values section that includes at least one client 
input security screen that applies to a particular type of client input value. 

4. The method as recited in claim 3, wherein the particular type of client 
input value is one of the following types of client input values: query string; server 
variable; form value; cookie. 

5. The method as recited in claim 1, wherein the declaration module 
further comprises a web.config file. 
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6. The method as recited in claim 1, wherein the applying the client 
input security screen further comprises executing a default action on invalid client 
input detected by the client input security screen. 

7. The method as recited in claim 1, wherein the applying the client 
input security screen further comprises executing a specified action on invalid 
client input detected by the client input security screen, the specified action being 
specified in the client input security screen. 

8. The method as recited in claim 1, wherein a client input security 
screen further comprises one or more values that may be entered as client input, 
the one or more values further comprising the only values that may be entered as 
client input. 

9. The method as recited in claim 1, wherein a client input security 
screen further comprises one or more screened values that, when detected in the 
client input, cause an action to be taken on the client input. 

10. The method as recited in claim 9, wherein the action to be taken 
further comprises removing the one or more screened values detected in the client 
input. 
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11. The method as recited in claim 9, wherein the action to be taken 
further comprises removing an entire string that contains the one or more screened 
values detected in the client input. 

12. A system, comprising: 

a web page server unit configured to provide one or more web pages to one 
or more client devices over a distributed network; 
means for receiving client input data; 

a declaration module configured to include at least one client input security 
screen that declares one or more screening rules for client input; and 

a client input security screening unit configured to apply the one or more 
screening rules for client input to the client input data and to perform one or more 
actions on invalid client input data. 

13. The system as recited in claim 12, wherein the declaration module 
further comprises a global section that includes one or more client input security 
screens that are applied to all types of client input. 

14. The system as recited in claim 12, wherein the declaration module 
further comprises an individual values section that includes one or more client 
input security screens that are applied to specified types of client input. 
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15. The system as recited in claim 12, wherein the declaration module 
further comprises a global section that includes one or more client input security 
screens that are applied to all types of client input, and an individual values section 
that includes one or more client input security screens that are applied to specified 
types of client input. 

16. The system as recited in claim 12, wherein a screening rule further 
comprises a client input variable that may be accepted as input from a client. 

17. The system as recited in claim 12, wherein a screening rule further 
comprises one or more screened characters that, when detected in client input, are 
screened from the client input according to a screening rule. 

18. The system as recited in claim 17, wherein the screening rule further 
comprises a default screening action that is applied in the absence of a specified 
screening action. 

19. The system as recited in claim 17, wherein the screening rule further 
comprises a specified screening action that is applied to the screened client input. 

20. The system as recited in claim 12, wherein the declaration module 
further comprises a web.config file. 
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21. One or more computer-readable media containing computer- 
executable instructions that, when executed on a computer, perform the following 
steps: 

serving a web page to a client over a distributed network; 
receiving client input via the web page; 

comparing the client input with one or more client input security screens 
stored in a security declaration module; 

if invalid client input is detected, performing a screening action on the 
invalid client input as indicated by the security declaration module; and 

wherein the one or more input security screens included in the security 
declaration module can be applied to multiple web pages. 

22. The one or more computer-readable media as recited in claim 21, 
wherein the one or more client input security screens further comprise a global 
section configured to screen all types of client input values. 

23. The one or more computer-readable media as recited in claim 21, 
wherein the one or more client input security screens further comprise an 
individual values section configured to screen particular types of client input 
values. 

24. The one or more computer-readable media as recited in claim 21, 
wherein the security declaration module further comprises a web.config file. 
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25. The one or more computer-readable media as recited in claim 21, 
wherein the screening action further comprises an action specified in a client input 
security screen. 

26. The one or more computer-readable media as recited in claim 21, 
wherein the screening action further comprises a default action that is not required 
to be specified in a client input security screen. 

27. The one or more computer-readable media as recited in claim 21, 
wherein the multiple web pages are included in a web project. 

28. The one or more computer-readable media as recited in claim 21, 
wherein the multiple web pages are included in a web-based application. 
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